trafficserver-users mailing list archives

From James P <james.hdx...@gmail.com>
Subject Re: Traffic Server as Forward Proxy
Date Tue, 20 Jun 2017 19:25:39 GMT
Hi all,

Before asking on this mailing list I could not figure out any solution; I
think any of the three proposed will solve the problem. I've already tried
the remap.config solution and it worked. Now, I will try reverse-proxy and
proxy with SSL.
My thanks to Salil GK, Leif Hedstrom, and Alan Carroll. You have saved me
days of work.

James



On Mon, Jun 19, 2017 at 11:33 AM, Alan Carroll <
solidwallofcode@yahoo-inc.com> wrote:

> ip_allow.config would also work to allow inbound connections only from
> specific (client) IP addresses. Note that remap works for forward proxy;
> therefore a remap.config could force all requests to the target.
> Alternatively, since ip_allow.config now supports outbound controls that
> could be set to allow outbound connections to only that specific IP address.
>
>
>
> On Monday, June 19, 2017, 8:36:22 AM CDT, Leif Hedstrom <zwoop@apache.org>
> wrote:
>
>
> Why can't you run this as a reverse proxy? Have all your service names in
> DNS point to the same IP running the proxy server, and add appropriate map
> rules for each one to the respective service IP (which are 1918 ranges I
> assume). You then want to require remap in the config file, which disables
> ATS as an open forward proxy.
>
> In this scenario you likely want to enable the pristine host header
> configuration as well.
>
> -- Leif
>
> On Jun 19, 2017, at 5:24 AM, salil GK <gksalil@gmail.com> wrote:
>
> Hi James
>
> Yes, Traffic Server has different mechanisms to do authentication. The most
> secure way is to make the port an SSL port
>
> CONFIG proxy.config.http.server_ports STRING 8445:ssl
>
> Take a look at the following parameter on how to control client access
>
> CONFIG proxy.config.ssl.client.certification_level INT 2
>
> Origin server access can be controlled by writing/modifying a plugin. For
> authentication you may consider the auth plugin
>
> Thanks
> ~S
>
>
>
>
> On 19 June 2017 at 16:02, James P <james.hdx.80@gmail.com> wrote:
>
>
>
> I have an application (C# software) that has been running on several
> clients. This application accesses a webservice from another company (ABC,
> for instance). However, in order to ensure protection, ABC company is now
> forcing us to use a single IP to use its webservice. Therefore, all my C#
> applications (in several different clients) need to access it using the same IP.
>
> I have installed Apache Traffic Server as forward proxy and everything is
> working fine. The problem is that it is working as an open proxy and I know
> this is very risky.
>
> How can I keep this solution with Traffic Server and add some security?
>
> 1. Is it possible to use some form of authenticated requests in Traffic
> Server?
> 2. Is it possible to force the proxy to redirect all access to the
> webservice.abc-company.com domain? Therefore, it would not be an open
> proxy.
>
> Regards,
> Jameshdx80
>
>
>
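
A config check for two of the lock-downs discussed in this thread (required remap to a single target, and an SSL port with required client certificates), as an added example that is not part of the original messages or of Traffic Server itself. The setting name `proxy.config.url_remap.remap_required`, the defaults used for absent settings, the function names and the sample configs are assumptions not given in the thread.

```python
import re
from urllib.parse import urlsplit

# remap.config rule types that send a request on to an origin.
FORWARD_RULES = {"map", "regex_map", "map_with_recv_port", "map_with_referer"}

def parse_records(text):
    """Return {name: value} from 'CONFIG name TYPE value' lines of records.config."""
    out = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 3)
        if len(parts) == 4 and parts[0] == "CONFIG":
            out[parts[1]] = parts[3].strip()
    return out

def remap_targets(text):
    """Return the set of origin hostnames that remap.config rules point at."""
    hosts = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] in FORWARD_RULES:
            hosts.add(urlsplit(fields[2]).hostname)
    return hosts

def audit(records_text, remap_text, allowed_hosts):
    """Report whether the proxy is limited to allowed_hosts or to cert-holding clients."""
    rec = parse_records(records_text)
    # With remap not required, requests matching no rule are still proxied.
    required = rec.get("proxy.config.url_remap.remap_required", "1") == "1"
    stray = sorted(h or "?" for h in remap_targets(remap_text) - set(allowed_hosts))
    # Assumed fallback when server_ports is absent: one plain-HTTP listener.
    ports = re.split(r"[,\s]+", rec.get("proxy.config.http.server_ports", "8080"))
    all_tls = all("ssl" in p.split(":") for p in ports)
    level = rec.get("proxy.config.ssl.client.certification_level", "0")
    mtls = all_tls and level == "2"
    remap_locked = required and not stray
    return {"remap_locked": remap_locked, "stray_targets": stray,
            "mtls_required": mtls, "restricted": remap_locked or mtls}

# Constructed sample configs, not taken from a real deployment.
ALLOWED = {"webservice.abc-company.com"}
OPEN_RECORDS = "CONFIG proxy.config.url_remap.remap_required INT 0\n"
LOCKED_RECORDS = "CONFIG proxy.config.url_remap.remap_required INT 1\n"
MTLS_RECORDS = (OPEN_RECORDS +
                "CONFIG proxy.config.http.server_ports STRING 8445:ssl\n"
                "CONFIG proxy.config.ssl.client.certification_level INT 2\n")
REMAP = "map http://webservice.abc-company.com/ http://webservice.abc-company.com/\n"
```

`audit(OPEN_RECORDS, "", ALLOWED)` reports `restricted: False`, which is the open-proxy state described in the original question.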
